Module: SecureHeaders::InstanceMethods
Defined in: lib/secure_headers.rb

Instance Method Summary

- #set_csp_header(req = nil, options = nil) ⇒ Object
  backwards compatibility jank, to be removed in 1.0.
- #set_hsts_header(options = self.class.secure_headers_options[:hsts]) ⇒ Object
- #set_security_headers(options = self.class.secure_headers_options) ⇒ Object
  Re-added for backwards compat.
- #set_x_content_type_options_header(options = self.class.secure_headers_options[:x_content_type_options]) ⇒ Object
- #set_x_download_options_header(options = self.class.secure_headers_options[:x_download_options]) ⇒ Object
- #set_x_frame_options_header(options = self.class.secure_headers_options[:x_frame_options]) ⇒ Object
- #set_x_xss_protection_header(options = self.class.secure_headers_options[:x_xss_protection]) ⇒ Object

Instance Method Details
#set_csp_header(req = nil, options = nil) ⇒ Object
backwards compatibility jank, to be removed in 1.0. Old API required a request object when it didn’t really need to.

set_csp_header - uses the request accessor and SecureHeaders::Configuration settings
set_csp_header(Rack::Request) - uses the parameter and SecureHeaders::Configuration settings
set_csp_header(Hash) - uses the request accessor and options from parameters
set_csp_header(Rack::Request, Hash)

    # File 'lib/secure_headers.rb', line 68
    def set_csp_header(req = nil, options=nil)
      # hack to help generating headers statically
      if req.is_a?(Hash)
        options = req
      end

      options = self.class.secure_headers_options[:csp] if options.nil?
      options = self.class.options_for :csp, options

      # an explicit false disables the CSP header
      return if options == false

      csp_header = ContentSecurityPolicy.new(options, :request => request, :controller => self)
      set_header(csp_header)
      # with both :experimental and :enforce set, a second, experimental header is sent as well
      if options && options[:experimental] && options[:enforce]
        experimental_header = ContentSecurityPolicy.new(options, :experimental => true, :request => request, :controller => self)
        set_header(experimental_header)
      end
    end

#set_hsts_header(options = self.class.secure_headers_options[:hsts]) ⇒ Object
    # File 'lib/secure_headers.rb', line 99
    def set_hsts_header(options=self.class.secure_headers_options[:hsts])
      # HSTS is only set on requests that arrived over SSL
      return unless request.ssl?
      set_a_header(:hsts, StrictTransportSecurity, options)
    end

#set_security_headers(options = self.class.secure_headers_options) ⇒ Object
Re-added for backwards compat.
    # File 'lib/secure_headers.rb', line 53
    def set_security_headers(options = self.class.secure_headers_options)
      set_csp_header(request, options[:csp])
      set_hsts_header(options[:hsts])
      set_x_frame_options_header(options[:x_frame_options])
      set_x_xss_protection_header(options[:x_xss_protection])
      set_x_content_type_options_header(options[:x_content_type_options])
      set_x_download_options_header(options[:x_download_options])
    end

#set_x_content_type_options_header(options = self.class.secure_headers_options[:x_content_type_options]) ⇒ Object
    # File 'lib/secure_headers.rb', line 91
    def set_x_content_type_options_header(options=self.class.secure_headers_options[:x_content_type_options])
      set_a_header(:x_content_type_options, XContentTypeOptions, options)
    end

#set_x_download_options_header(options = self.class.secure_headers_options[:x_download_options]) ⇒ Object
    # File 'lib/secure_headers.rb', line 104
    def set_x_download_options_header(options=self.class.secure_headers_options[:x_download_options])
      set_a_header(:x_download_options, XDownloadOptions, options)
    end

#set_x_frame_options_header(options = self.class.secure_headers_options[:x_frame_options]) ⇒ Object
    # File 'lib/secure_headers.rb', line 87
    def set_x_frame_options_header(options=self.class.secure_headers_options[:x_frame_options])
      set_a_header(:x_frame_options, XFrameOptions, options)
    end

#set_x_xss_protection_header(options = self.class.secure_headers_options[:x_xss_protection]) ⇒ Object
    # File 'lib/secure_headers.rb', line 95
    def set_x_xss_protection_header(options=self.class.secure_headers_options[:x_xss_protection])
      set_a_header(:x_xss_protection, XXssProtection, options)
    end
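
A check to run against responses from a controller that calls set_security_headers, as an added example that is not part of the secure_headers code: it reports which of the headers set by the methods above are absent. The wire header names, the function name audit_security_headers and the sample responses are assumptions constructed for illustration; the page lists only the setter methods.

```ruby
# Added example, not secure_headers code. Wire header names are the standard
# ones and are an assumption: the page lists only the setter methods.
EXPECTED = {
  :hsts                   => "strict-transport-security",
  :x_frame_options        => "x-frame-options",
  :x_xss_protection       => "x-xss-protection",
  :x_content_type_options => "x-content-type-options",
  :x_download_options     => "x-download-options"
}.freeze
CSP_ENFORCE     = "content-security-policy"
CSP_REPORT_ONLY = "content-security-policy-report-only"

# headers: response header name => value; ssl: true if the request was HTTPS.
# Returns { :missing => [option keys], :csp => :enforce|:report_only|:both|:none }.
def audit_security_headers(headers, ssl)
  present = headers.reject { |_, v| v.to_s.strip.empty? }.keys.map { |k| k.to_s.downcase }
  missing = EXPECTED.select do |key, name|
    # set_hsts_header returns unless request.ssl?, so expect HSTS only on HTTPS.
    next false if key == :hsts && !ssl
    !present.include?(name)
  end.keys
  enforce = present.include?(CSP_ENFORCE)
  report  = present.include?(CSP_REPORT_ONLY)
  # :both is what the experimental + enforce branch of set_csp_header would
  # produce, assuming the experimental policy is sent report-only.
  csp = if enforce && report then :both
        elsif enforce then :enforce
        elsif report then :report_only
        else :none
        end
  missing << :csp if csp == :none
  { :missing => missing, :csp => csp }
end

# Constructed sample responses, not captured from a real application.
HTTPS_RESPONSE = {
  "Strict-Transport-Security" => "max-age=631138519", "X-Frame-Options" => "SAMEORIGIN",
  "X-XSS-Protection" => "1; mode=block", "X-Content-Type-Options" => "nosniff",
  "X-Download-Options" => "noopen", "Content-Security-Policy" => "default-src 'self'",
  "Content-Security-Policy-Report-Only" => "default-src 'self'; script-src 'none'"
}.freeze
HTTP_RESPONSE = {
  "X-Frame-Options" => "SAMEORIGIN", "x-content-type-options" => "nosniff",
  "Content-Security-Policy-Report-Only" => "default-src 'self'"
}.freeze

p audit_security_headers(HTTPS_RESPONSE, true)
p audit_security_headers(HTTP_RESPONSE, false)
```

A :csp result of :report_only means the browser reports violations but enforces no policy.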